Privacy and Data Protection

Minter Ellison’s privacy and data protection team advises clients across different industry sectors on local and international privacy and data protection issues.

We regularly assist with the development of privacy compliance tools and privacy policies and statements; conduct privacy audits of organisations to assist with compliance; advise financial institutions in relation to privacy implications associated with credit reporting and providing financial services; advise on marketing and promotional strategies (including email spam and other direct marketing); assist multinational organisations in relation to trans-border data flows; and assist organisations in the event of data and information security breaches.

In light of continuing proposals to change privacy laws in Australia, we keep abreast of developments and advise clients on the possible future changes to the law.

Higher education providers are becoming increasingly popular targets for cyber attacks. Many institutions have responded by allocating significant resources and capital towards upgrading and reconfiguring their cyber security infrastructure. We provide a guide to help providers minimise risk.

The risks associated with social media misuse by employees are well publicised. Less known, however, are the risks faced by employers in accessing, using and disclosing the personal information of employees obtained by the employer via social media sites. So, where does the line begin and end? And when can an employer rely on the information to make decisions?

The Commonwealth Attorney General, Mark Dreyfus QC, yesterday issued Terms of Reference requiring the Australian Law Reform Commission to conduct an inquiry into the prevention of, and remedies for, serious invasions of privacy in the digital era. This latest development is part of the government's second stage response to the recommendations in the ALRC's 2008 Report into reforming the Privacy Act 1988 (Cth), together with the recent proposed compulsory data breach notification scheme and the removal of certain exceptions to the Privacy Act.

As the policy debate rages on the future direction of tertiary education and its institutions, Australian universities are grappling with a raft of regulatory changes that will materially affect their day to day operations.

Cybercrime poses a significant challenge for law enforcement agencies and criminal justice systems across the globe. The borderless nature of the internet makes it easier for cyber attacks to be externally instigated. In response, Australia, together with a number of other nations, has taken steps to harmonise laws intended to combat cyber threats and facilitate greater international cooperation between law enforcement agencies.

Australia's new cybercrime law, which came into force on 1 March 2013, establishes the legislative framework for Australia's accession to the Council of Europe Convention on Cybercrime (Convention). The essence of the new cybercrime law is to empower Australia's law enforcement and intelligence agencies to compel carriers to preserve the communication records of persons suspected of cyber-based crimes. The new law also expands the Commonwealth cybercrime offences and facilitates international cooperation between State parties to the Convention through the cross-border sharing of communication records.

The Federal Attorney-General has released a Discussion Paper seeking comment on whether to introduce laws to make notification of data breaches by government agencies and large private sector entities mandatory in Australia. The Government is calling for submissions by 23 November 2012, asking what the triggers should be and what penalties should apply for failure to comply. The Federal Privacy Commissioner has given his support to the Discussion Paper and a mandatory notification scheme.

Many organisations are transferring non-critical applications to various cloud computing models, whilst still maintaining business critical applications within their current infrastructure. Cloud computing models exist along a spectrum that includes public clouds, private clouds, hybrid clouds and virtual private clouds (a private cloud existing in a public cloud).